The sbomify Blog

Content for software, product, and digital security experts

Announcing sbomify v0.25: The One with Attestations

Software supply chain security is not just about knowing what is in your software. It is about proving that knowledge is authentic and has...

Viktor Petersson Jan 23. 2026

The MIT License: A Complete Guide for Developers

The MIT License is a permissive open source license that allows virtually unrestricted use, modification, distribution, and sublicensing of...

Cowboy Neil Jan 22. 2026

Announcing sbomify-action v0.11: The One Where They Go to PyPI

With v0.11, sbomify-action is no longer tied to your CI/CD pipeline. Install it anywhere with pip install sbomify-action and generate...

Viktor Petersson Jan 20. 2026

SBOM Management: How to Organize, Track, and Act on Your SBOMs

SBOM management is the practice of organizing, storing, versioning, distributing, and acting on Software Bills of Materials across an...

Cowboy Neil Jan 18. 2026

SBOM Formats Compared: CycloneDX vs SPDX

An SBOM format defines the structure, fields, and serialization of a Software Bill of Materials. Two formats have emerged as industry...

Cowboy Neil Jan 15. 2026

Announcing sbomify v0.24: The One with All the Plugins

Today marks a pivotal release for sbomify. With v0.24, we are laying the foundation for what will become a fully extensible, plugin-based...

Viktor Petersson Jan 14. 2026

Software Composition Analysis (SCA): What It Is and How SBOMs Fit In

Software Composition Analysis (SCA) is a category of application security tooling that identifies open source and third-party components in...

Cowboy Neil Jan 11. 2026

FDA Medical Device SBOM Requirements: What the New Cybersecurity Guidance Means for Manufacturers

On June 27, 2025, the FDA issued updated guidance on “Cybersecurity in Medical Devices: Quality System Considerations and Content of...

Viktor Petersson Jan 9. 2026

Apache License 2.0: What It Is, How It Works, and What It Means for Your Software

The Apache License 2.0 is a permissive open source license published by the Apache Software Foundation (ASF) that allows users to freely...

Cowboy Neil Jan 7. 2026

CRA Explained: What the Cyber Resilience Act Means for Device Manufacturers

The EU Cyber Resilience Act (CRA) is transforming how device manufacturers approach cybersecurity. To break down what this means in...

Viktor Petersson Jan 6. 2026

Container Security: Best Practices for Securing Docker and Kubernetes

Container security is the practice of protecting containerized applications and their infrastructure throughout the entire lifecycle — from...

Cowboy Neil Jan 3. 2026

What Is a KEV? Understanding CISA's Known Exploited Vulnerabilities Catalog

A KEV — Known Exploited Vulnerability — is a vulnerability that attackers are exploiting right now. When Apache Log4Shell (CVE-2021-44228)...

Cowboy Neil Dec 30. 2025